CVE-2024-30394

Junos OS and Junos OS Evolved: A specific EVPN type-5 route causes rpd crash

Severity Score

8.7

*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

A Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash, leading to Denial of Service (DoS).

On all Junos OS and Junos OS Evolved platforms, when EVPN is configured, and a specific EVPN type-5 route is received via BGP, rpd crashes and restarts. Continuous receipt of this specific route will lead to a sustained Denial of Service (DoS) condition.

This issue affects:
Junos OS:

* all versions before 21.2R3-S7,

* from 21.4 before 21.4R3-S5,

* from 22.1 before 22.1R3-S4,

* from 22.2 before 22.2R3-S2,

* from 22.3 before 22.3R3-S1,

* from 22.4 before 22.4R3,

* from 23.2 before 23.2R2.

Junos OS Evolved:

* all versions before 21.4R3-S5-EVO,

* from 22.1-EVO before 22.1R3-S4-EVO,

* from 22.2-EVO before 22.2R3-S2-EVO,

* from 22.3-EVO before 22.3R3-S1-EVO,

* from 22.4-EVO before 22.4R3-EVO,

* from 23.2-EVO before 23.2R2-EVO.

Una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en el componente Routing Protocol Daemon (RPD) de Junos OS y Junos OS Evolved permite que un atacante basado en red no autenticado provoque un bloqueo de rpd, lo que lleva a una denegación de servicio (DoS). En todas las plataformas Junos OS y Junos OS Evolved, cuando EVPN está configurado y se recibe una ruta EVPN tipo 5 específica a través de BGP, rpd se bloquea y se reinicia. La recepción continua de esta ruta específica dará lugar a una condición sostenida de Denegación de Servicio (DoS). Este problema afecta a: Junos OS: * todas las versiones anteriores a 21.2R3-S7, * desde 21.4 anterior a 21.4R3-S5, * desde 22.1 anterior a 22.1R3-S4, * desde 22.2 anterior a 22.2R3-S2, * desde 22.3 anterior a 22.3R3- S1, * de 22.4 antes de 22.4R3, * de 23.2 antes de 23.2R2. Junos OS Evolved: * todas las versiones anteriores a 21.4R3-S5-EVO, * desde 22.1-EVO antes de 22.1R3-S4-EVO, * desde 22.2-EVO antes de 22.2R3-S2-EVO, * desde 22.3-EVO antes de 22.3R3- S1-EVO, * de 22.4-EVO antes de 22.4R3-EVO, * de 23.2-EVO antes de 23.2R2-EVO.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

System

Vulnerable | Subsequent

Confidentiality

None

Integrity

None

Availability

High

Low

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-26 CVE Reserved
2024-04-12 CVE Published
2024-04-21 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-121: Stack-based Buffer Overflow

CAPEC

References (2)

URL	Tag	Source
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L	Technical Description

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://supportportal.juniper.net/JSA79094	2024-05-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				< 21.2R3-S7 Search vendor "Juniper Networks" for product "Junos OS" and version " < 21.2R3-S7"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 21.4 < 21.4R3-S5 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 21.4 < 21.4R3-S5"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 22.1 < 22.1R3-S4 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.1 < 22.1R3-S4"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 22.2 < 22.2R3-S2 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.2 < 22.2R3-S2"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 22.3 < 22.3R3-S1 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.3 < 22.3R3-S1"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 22.4 < 22.4R3 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.4 < 22.4R3"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 23.2 < 23.2R2 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 23.2 < 23.2R2"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved"				< 21.4R3-S5-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " < 21.4R3-S5-EVO"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved"				>= 22.1-EVO < 22.1R3-S4-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.1-EVO < 22.1R3-S4-EVO"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved"				>= 22.2-EVO < 22.2R3-S2-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.2-EVO < 22.2R3-S2-EVO"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved"				>= 22.3-EVO < 22.3R3-S1-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.3-EVO < 22.3R3-S1-EVO"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved"				>= 22.4-EVO < 22.4R3-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.4-EVO < 22.4R3-EVO"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved"				>= 23.2-EVO < 23.2R2-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 23.2-EVO < 23.2R2-EVO"		en		Affected